CyberArk PAS

Use the CyberArk Privileged Access Security (PAS) solution to manage users, safes, vaults, and accounts from Cortex XSOAR. This integration was integrated and tested with version xx of CyberArkPAS.

Configure CyberArkPAS on Cortex XSOAR

  1. Navigate to Settings > Integrations > Servers & Services.
  2. Search for CyberArkPAS.
  3. Click Add instance to create and configure a new integration instance.

| Parameter | Description | Required |
| --- | --- | --- |
| url | Server URL (e.g., https://example.net) | True |
| credentials | Username | True |
| isFetch | Fetch incidents | False |
| max_fetch | Max fetch | False |
| fetch_time | First fetch timestamp (<number> <time unit>, e.g., 12 hours, 7 days, 3 months, 1 year) | False |
| score | CyberArk PAS score (0.0-100.0) | False |
| incidentType | Incident type | False |
| insecure | Trust any certificate (not secure) | False |
| proxy | Use system proxy settings | False |

  4. Click Test to validate the URLs, token, and connection.

Commands

You can execute these commands from the Demisto CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.

cyberark-pas-user-add


Add a new user to the vault.

Base Command

cyberark-pas-user-add

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| username | The name of the user. | Required |
| user_type | The user type according to the license. | Optional |
| non_authorized_interfaces | The CyberArkPAS interfaces that this user is not authorized to use, e.g., "PSM", "PSMP" | Optional |
| location | The location in the vault where the user will be created. Must begin with "\". If just "\", the vault is in the root. | Optional |
| expiry_date | The date when the user credentials expire. Must be in the following timestamp format: (<number> <time unit>, e.g., 12 hours, 7 days, 3 months, 1 year). | Optional |
| password | The password that the user will use to log in for the first time. | Required |
| change_password_on_the_next_logon | Whether or not the user must change the user password from the second log in onward. Can be 'true' or 'false'. Default is 'true'. | Optional |
| password_never_expires | Whether the user’s password will not expire unless they decide to change it. Can be 'true' or 'false'. Default is 'false'. | Optional |
| vault_authorization | A comma-separated list of user permissions. Valid values are: AuditUsers, AddUpdateUsers, ResetUsersPasswords, ActivateUsers, AddNetworkAreas, ManageDirectoryMapping, ManageServerFileCategories, BackupAllSafes, RestoreAllSafes, e.g., AddSafes,AuditUsers | Optional |
| description | Notes and comments. | Optional |
| email | The email address of the user. | Optional |
| first_name | The first name of the user. | Optional |
| last_name | The last name of the user. | Optional |
| enable_user | Whether the user will be enabled upon creation. Can be 'true' or 'false'. Default is 'true'. | Optional |
| distinguished_name | The distinguished name of the user. The usage is for PKI authentication. This will match the certificate subject name or domain name. | Optional |
| profession | The profession of the user. | Optional |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| CyberArkPAS.Users.id | Number | The unique ID of the user. |
| CyberArkPAS.Users.authenticationMethod | String | The authentication method of the user. |
| CyberArkPAS.Users.changePassOnNextLogon | Boolean | Whether or not the user must change the user password. |
| CyberArkPAS.Users.description | String | Description of the user. |
| CyberArkPAS.Users.enableUser | Boolean | Whether or not the user is enabled. |
| CyberArkPAS.Users.expiryDate | Number | The expiry date of the user credentials. |
| CyberArkPAS.Users.internet.businessEmail | String | The email address of the user. |
| CyberArkPAS.Users.lastSuccessfulLoginDate | Number | The last successful login date of the user. |
| CyberArkPAS.Users.location | String | The location in the vault where the user will be created. |
| CyberArkPAS.Users.personalDetails.profession | String | The profession of the user. |
| CyberArkPAS.Users.suspended | Boolean | Whether or not the user is suspended. |
| CyberArkPAS.Users.userType | String | The type of the user. |
| CyberArkPAS.Users.username | String | The name of the user. |
| CyberArkPAS.Users.vaultAuthorization | String | The permissions of the user. |

Command Example

!cyberark-pas-user-add username="TestUser" password="12345Aa" change_password_on_the_next_logon=true description="new user for test" email="usertest@test.com" enable_user=true first_name="user" last_name="test" profession="testing integrations"

Context Example

{
"CyberArkPAS": {
"Users": {
"authenticationMethod": [
"AuthTypePass"
],
"businessAddress": {
"workCity": "",
"workCountry": "",
"workState": "",
"workStreet": "",
"workZip": ""
},
"changePassOnNextLogon": true,
"componentUser": false,
"description": "new user for test",
"distinguishedName": "",
"enableUser": true,
"expiryDate": -62135578800,
"groupsMembership": [],
"id": 150,
"internet": {
"businessEmail": "usertest@test.com",
"homeEmail": "",
"homePage": "",
"otherEmail": ""
},
"lastSuccessfulLoginDate": 1597830302,
"location": "\\",
"passwordNeverExpires": false,
"personalDetails": {
"city": "",
"country": "",
"department": "",
"firstName": "user",
"lastName": "test",
"middleName": "",
"organization": "",
"profession": "testing integrations",
"state": "",
"street": "",
"title": "",
"zip": ""
},
"phones": {
"businessNumber": "",
"cellularNumber": "",
"faxNumber": "",
"homeNumber": "",
"pagerNumber": ""
},
"source": "CyberArk",
"suspended": false,
"unAuthorizedInterfaces": [],
"userType": "EPVUser",
"username": "TestUser",
"vaultAuthorization": []
}
}
}

Human Readable Output

Results

| authenticationMethod | businessAddress | changePassOnNextLogon | componentUser | description | distinguishedName | enableUser | expiryDate | groupsMembership | id | internet | lastSuccessfulLoginDate | location | passwordNeverExpires | personalDetails | phones | source | suspended | unAuthorizedInterfaces | userType | username | vaultAuthorization |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| AuthTypePass | workStreet: <br>workCity: <br>workState: <br>workZip: <br>workCountry: | true | false | new user for test |  | true | -62135578800 |  | 150 | homePage: <br>homeEmail: <br>businessEmail: usertest@test.com<br>otherEmail: | 1597830302 | \ | false | street: <br>city: <br>state: <br>zip: <br>country: <br>title: <br>organization: <br>department: <br>profession: testing integrations<br>firstName: user<br>middleName: <br>lastName: test | homeNumber: <br>businessNumber: <br>cellularNumber: <br>faxNumber: <br>pagerNumber: | CyberArk | false |  | EPVUser | TestUser |  |

cyberark-pas-user-update


Update an existing vault user.

Base Command

cyberark-pas-user-update

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| username | The name of the user. | Optional |
| user_type | User type according to the license. | Optional |
| non_authorized_interfaces | The CyberArkPAS interfaces that this user is not authorized to use, e.g., "PSM", "PSMP" | Optional |
| location | The location in the vault where the user will be created. Must begin with "\". If just "\", the vault is in the root. | Optional |
| expiry_date | The date when the user expires. Must be in the following timestamp format: (<number> <time unit>, e.g., 12 hours, 7 days, 3 months, 1 year). | Optional |
| change_password_on_the_next_logon | Whether or not the user must change their password from the second log on onward. Can be 'true' or 'false'. Default is 'true'. | Optional |
| password_never_expires | Whether the user’s password will not expire unless they decide to change it. Can be 'true' or 'false'. Default is 'false'. | Optional |
| vault_authorization | A comma-separated list of user permissions. Valid values are: AddSafes, AuditUsers, AddUpdateUsers, ResetUsersPasswords, ActivateUsers, AddNetworkAreas, ManageDirectoryMapping, ManageServerFileCategories, BackupAllSafes, RestoreAllSafes, e.g., AddSafes,AuditUsers | Optional |
| description | Notes and comments. | Optional |
| email | The email addresses of the user. | Optional |
| first_name | The first name of the user. | Optional |
| last_name | The last name of the user. | Optional |
| enable_user | Whether the user will be enabled upon creation. Can be 'true' or 'false'. Default is 'true'. | Optional |
| distinguished_name | The distinguished name of the user. The usage is for PKI authentication. This will match the certificate subject name or domain name. | Optional |
| profession | The profession of the user. | Optional |
| user_id | The ID of the user to update. | Required |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| CyberArkPAS.Users.id | Number | The unique ID of the user. |
| CyberArkPAS.Users.authenticationMethod | String | The authentication method for the user. |
| CyberArkPAS.Users.changePassOnNextLogon | Boolean | Whether or not the user must change the user password. |
| CyberArkPAS.Users.description | String | Description of the user. |
| CyberArkPAS.Users.enableUser | Boolean | Whether or not the user is enabled. |
| CyberArkPAS.Users.expiryDate | Number | The expiry date of the user. |
| CyberArkPAS.Users.internet.businessEmail | String | The email address of the user. |
| CyberArkPAS.Users.lastSuccessfulLoginDate | Number | The last successful login date of the user. |
| CyberArkPAS.Users.location | String | The location in the vault where the user will be created. |
| CyberArkPAS.Users.personalDetails.profession | String | The profession of the user. |
| CyberArkPAS.Users.suspended | Boolean | Whether or not the user is suspended. |
| CyberArkPAS.Users.userType | String | The type of the user. |
| CyberArkPAS.Users.username | String | The name of the user. |
| CyberArkPAS.Users.vaultAuthorization | String | The permissions of the user. |

Command Example

!cyberark-pas-user-update user_id=150 change_password_on_the_next_logon=true description="updated description" email="update@test.com" first_name="test1" last_name="updated-name" username="TestUser1" profession="test1"

Context Example

{
"CyberArkPAS": {
"Users": {
"authenticationMethod": [
"AuthTypePass"
],
"businessAddress": {
"workCity": "",
"workCountry": "",
"workState": "",
"workStreet": "",
"workZip": ""
},
"changePassOnNextLogon": true,
"componentUser": false,
"description": "updated description",
"distinguishedName": "",
"enableUser": true,
"expiryDate": -62135578800,
"groupsMembership": [],
"id": 150,
"internet": {
"businessEmail": "update@test.com",
"homeEmail": "",
"homePage": "",
"otherEmail": ""
},
"lastSuccessfulLoginDate": 1597830302,
"location": "\\",
"passwordNeverExpires": false,
"personalDetails": {
"city": "",
"country": "",
"department": "",
"firstName": "test1",
"lastName": "updated-name",
"middleName": "",
"organization": "",
"profession": "test1",
"state": "",
"street": "",
"title": "",
"zip": ""
},
"phones": {
"businessNumber": "",
"cellularNumber": "",
"faxNumber": "",
"homeNumber": "",
"pagerNumber": ""
},
"source": "CyberArk",
"suspended": false,
"unAuthorizedInterfaces": [],
"userType": "EPVUser",
"username": "TestUser1",
"vaultAuthorization": []
}
}
}

Human Readable Output

Results

| authenticationMethod | businessAddress | changePassOnNextLogon | componentUser | description | distinguishedName | enableUser | expiryDate | groupsMembership | id | internet | lastSuccessfulLoginDate | location | passwordNeverExpires | personalDetails | phones | source | suspended | unAuthorizedInterfaces | userType | username | vaultAuthorization |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| AuthTypePass | workStreet: <br>workCity: <br>workState: <br>workZip: <br>workCountry: | true | false | updated description |  | true | -62135578800 |  | 150 | homePage: <br>homeEmail: <br>businessEmail: update@test.com<br>otherEmail: | 1597830302 | \ | false | street: <br>city: <br>state: <br>zip: <br>country: <br>title: <br>organization: <br>department: <br>profession: test1<br>firstName: test1<br>middleName: <br>lastName: updated-name | homeNumber: <br>businessNumber: <br>cellularNumber: <br>faxNumber: <br>pagerNumber: | CyberArk | false |  | EPVUser | TestUser1 |  |

cyberark-pas-user-delete


Delete a specific user in the vault.

Base Command

cyberark-pas-user-delete

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| user_id | The ID of the user to delete. | Required |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| CyberArkPAS.Users.Deleted | Boolean | Whether the user was deleted. |

Command Example

!cyberark-pas-user-delete user_id=150

Context Example

{
"CyberArkPAS": {
"Users": {
"Deleted": true,
"id": "150"
}
}
}

Human Readable Output

User 150 was deleted

cyberark-pas-users-list


Return a list of all existing users in the vault that meet the filter and search criteria.

Base Command

cyberark-pas-users-list

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| filter | Retrieve users using filters. Valid values: userType, componentUser. | Optional |
| search | Search by the following values: username, first name, last name. | Optional |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| CyberArkPAS.Users.id | Number | The unique IDs of the users. |
| CyberArkPAS.Users.authenticationMethod | String | The authentication method of the user. |
| CyberArkPAS.Users.changePassOnNextLogon | Boolean | Whether or not the users must change their password. |
| CyberArkPAS.Users.description | String | Descriptions of the users. |
| CyberArkPAS.Users.enableUser | Boolean | Whether or not the users are enabled. |
| CyberArkPAS.Users.expiryDate | Number | The expiry dates of the users. |
| CyberArkPAS.Users.internet.businessEmail | String | The email addresses of the users. |
| CyberArkPAS.Users.lastSuccessfulLoginDate | Number | The last successful login dates of the users. |
| CyberArkPAS.Users.location | String | The locations in the vault where the users were created. |
| CyberArkPAS.Users.personalDetails.profession | String | The professions of the users. |
| CyberArkPAS.Users.suspended | Boolean | Whether or not the users are suspended. |
| CyberArkPAS.Users.userType | String | The types of the users. |
| CyberArkPAS.Users.username | String | The names of the users. |
| CyberArkPAS.Users.vaultAuthorization | String | The permissions of the users. |

Command Example

!cyberark-pas-users-list

Context Example

{
"CyberArkPAS": {
"Users": [
{
"componentUser": false,
"id": 2,
"location": "\\",
"personalDetails": {
"firstName": "",
"lastName": "",
"middleName": ""
},
"source": "CyberArk",
"userType": "Built-InAdmins",
"username": "Administrator",
"vaultAuthorization": [
"AddUpdateUsers",
"AddSafes",
"AddNetworkAreas",
"ManageDirectoryMapping",
"ManageServerFileCategories",
"AuditUsers",
"BackupAllSafes",
"RestoreAllSafes",
"ResetUsersPasswords",
"ActivateUsers"
]
},
{
"componentUser": false,
"id": 3,
"location": "\\",
"personalDetails": {
"firstName": "",
"lastName": "",
"middleName": ""
},
"source": "CyberArk",
"userType": "Built-InAdmins",
"username": "Auditor",
"vaultAuthorization": [
"AuditUsers"
]
}
]
}
}

Human Readable Output

There are 2 users

| componentUser | id | location | personalDetails | source | userType | username | vaultAuthorization |
| --- | --- | --- | --- | --- | --- | --- | --- |
| false | 2 | \ | firstName: <br>middleName: <br>lastName: | CyberArk | Built-InAdmins | Administrator | AddUpdateUsers,<br>AddSafes,<br>AddNetworkAreas,<br>ManageDirectoryMapping,<br>ManageServerFileCategories,<br>AuditUsers,<br>BackupAllSafes,<br>RestoreAllSafes,<br>ResetUsersPasswords,<br>ActivateUsers |
| false | 3 | \ | firstName: <br>middleName: <br>lastName: | CyberArk | Built-InAdmins | Auditor | AuditUsers |

cyberark-pas-user-activate


Activate an existing vault user who was suspended after entering incorrect credentials multiple times. Uses the V1 of the API and may change in the future.

Base Command

cyberark-pas-user-activate

Input

Argument NameDescriptionRequired
user_idThe ID of the user to activate.Required

Context Output

There is no context output for this command.

Command Example

!cyberark-pas-user-activate user_id=150

Human Readable Output

User 150 was activated

cyberark-pas-safes-list


Return information about all of the user’s safes in the vault.

Base Command

cyberark-pas-safes-list

Input

There are no input arguments for this command.

Context Output

| Path | Type | Description |
| --- | --- | --- |
| CyberArkPAS.Safes.SafeName | String | The names of the safes. |
| CyberArkPAS.Safes.Description | String | The descriptions of the safes. |
| CyberArkPAS.Safes.Location | String | The locations of the safes. |
| CyberArkPAS.Safes.ManagingCPM | String | The name of the Central Policy Manager (CPM) user who will manage the safes. |
| CyberArkPAS.Safes.NumberOfDaysRetention | Number | The number of days for which password versions are saved in the safes. |
| CyberArkPAS.Safes.NumberOfVersionsRetention | Number | The number of retained versions of every password that is stored in the safes. |
| CyberArkPAS.Safes.OLACEnabled | Boolean | Whether or not to enable Object Level Access Control (OLAC) for the safes. |

Command Example

!cyberark-pas-safes-list

Context Example

{
"CyberArkPAS": {
"Safes": [
{
"Description": "",
"Location": "\\",
"SafeName": "Internal",
"SafeUrlId": "Internal"
},
{
"Description": "",
"Location": "\\",
"SafeName": "Notification",
"SafeUrlId": "Notification"
},
{
"Description": "",
"Location": "\\",
"SafeName": "Reports",
"SafeUrlId": "Reports"
}
]
}
}

Human Readable Output

There are 3 safes

| Description | Location | SafeName | SafeUrlId |
| --- | --- | --- | --- |
|  | \ | Internal | Internal |
|  | \ | Notification | Notification |
|  | \ | Reports | Reports |

cyberark-pas-safe-get-by-name


Return information about a specific safe in the vault.

Base Command

cyberark-pas-safe-get-by-name

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| safe_name | The name of the safe about which information is returned. | Required |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| CyberArkPAS.Safes.SafeName | String | The name of the safe. |
| CyberArkPAS.Safes.Description | String | The description of the safe. |
| CyberArkPAS.Safes.Location | String | The location of the safe. |
| CyberArkPAS.Safes.ManagingCPM | String | The name of the Central Policy Manager (CPM) user who will manage the safe. |
| CyberArkPAS.Safes.NumberOfDaysRetention | Number | The number of days for which password versions are saved in the safe. |
| CyberArkPAS.Safes.NumberOfVersionsRetention | Number | The number of retained versions of every password that is stored in the safe. |
| CyberArkPAS.Safes.OLACEnabled | Boolean | Whether or not to enable Object Level Access Control (OLAC) for the safe. |

Command Example

!cyberark-pas-safe-get-by-name safe_name=UpdatedName1

Context Example

{
"CyberArkPAS": {
"Safes": {
"AutoPurgeEnabled": false,
"Description": "UpdatedSafe",
"Location": "\\",
"ManagingCPM": "",
"NumberOfDaysRetention": 150,
"NumberOfVersionsRetention": null,
"OLACEnabled": true,
"SafeName": "UpdatedName1"
}
}
}

Human Readable Output

Results

| AutoPurgeEnabled | Description | Location | ManagingCPM | NumberOfDaysRetention | NumberOfVersionsRetention | OLACEnabled | SafeName |
| --- | --- | --- | --- | --- | --- | --- | --- |
| false | UpdatedSafe | \ |  | 150 |  | true | UpdatedName1 |

cyberark-pas-safe-add


Add a new safe to the vault.

Base Command

cyberark-pas-safe-add

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| safe_name | Name of a safe to create. | Required |
| description | Description of the new safe. | Optional |
| OLAC_enabled | Whether or not to enable Object Level Access Control (OLAC) for the new safe. Valid values are: 'true' or 'false'. Default is 'true'. | Optional |
| managing_cpm | The name of the Central Policy Manager (CPM) user who will manage the new safe. | Optional |
| number_of_versions_retention | The number of retained versions of every password that is stored in the safe. | Optional |
| number_of_days_retention | The number of days for which password versions are saved in the safe. | Optional |
| location | The location of the new safe. | Optional |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| CyberArkPAS.Safes.SafeName | String | The name of the safe. |
| CyberArkPAS.Safes.Description | String | The description of the safe. |
| CyberArkPAS.Safes.Location | String | The location of the safe. |
| CyberArkPAS.Safes.ManagingCPM | String | The name of the Central Policy Manager (CPM) user who will manage the safe. |
| CyberArkPAS.Safes.NumberOfDaysRetention | Number | The number of days for which password versions are saved in the safe. |
| CyberArkPAS.Safes.NumberOfVersionsRetention | Number | The number of retained versions of every password that is stored in the safe. |
| CyberArkPAS.Safes.OLACEnabled | Boolean | Whether or not to enable Object Level Access Control (OLAC) for the safe. |

Command Example

!cyberark-pas-safe-add safe_name="TestSafe1" description="safe for tests" number_of_days_retention=100

Context Example

{
"CyberArkPAS": {
"Safes": {
"AutoPurgeEnabled": false,
"Description": "safe for tests",
"Location": "\\",
"ManagingCPM": "",
"NumberOfDaysRetention": 100,
"NumberOfVersionsRetention": null,
"OLACEnabled": true,
"SafeName": "TestSafe1"
}
}
}

Human Readable Output

Results

| AutoPurgeEnabled | Description | Location | ManagingCPM | NumberOfDaysRetention | NumberOfVersionsRetention | OLACEnabled | SafeName |
| --- | --- | --- | --- | --- | --- | --- | --- |
| false | safe for tests | \ |  | 100 |  | true | TestSafe1 |

cyberark-pas-safe-update


Update a single safe in the vault.

Base Command

cyberark-pas-safe-update

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| safe_name | The name of the safe that will be updated. | Required |
| description | The description of the updated safe. | Optional |
| OLAC_enabled | Whether or not to enable Object Level Access Control (OLAC) for the updated safe. Valid values are: 'true' or 'false'. Default is 'true'. | Optional |
| managing_cpm | The name of the Central Policy Manager (CPM) user who will manage the updated safe. | Optional |
| number_of_versions_retention | The number of retained versions of every password that is stored in the updated safe. | Optional |
| number_of_days_retention | The number of days for which password versions are saved in the updated safe. | Optional |
| safe_new_name | The new name of the safe. | Optional |
| location | The location of the updated safe. | Optional |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| CyberArkPAS.Safes.SafeName | String | The name of the updated safe. |
| CyberArkPAS.Safes.Description | String | The description of the updated safe. |
| CyberArkPAS.Safes.Location | String | The location of the updated safe. |
| CyberArkPAS.Safes.ManagingCPM | String | The name of the Central Policy Manager (CPM) user who will manage the safe. |
| CyberArkPAS.Safes.NumberOfDaysRetention | Number | The number of days for which password versions are saved in the updated safe. |
| CyberArkPAS.Safes.NumberOfVersionsRetention | Number | The number of retained versions of every password that is stored in the updated safe. |
| CyberArkPAS.Safes.OLACEnabled | Boolean | Whether or not to enable Object Level Access Control (OLAC) for the updated safe. |

Command Example

!cyberark-pas-safe-update safe_name=TestSafe1 safe_new_name=UpdatedName1 description=UpdatedSafe number_of_days_retention=150

Context Example

{
"CyberArkPAS": {
"Safes": {
"AutoPurgeEnabled": false,
"Description": "UpdatedSafe",
"Location": "\\",
"ManagingCPM": "",
"NumberOfDaysRetention": 150,
"NumberOfVersionsRetention": null,
"OLACEnabled": true,
"SafeName": "UpdatedName1"
}
}
}

Human Readable Output

Results

| AutoPurgeEnabled | Description | Location | ManagingCPM | NumberOfDaysRetention | NumberOfVersionsRetention | OLACEnabled | SafeName |
| --- | --- | --- | --- | --- | --- | --- | --- |
| false | UpdatedSafe | \ |  | 150 |  | true | UpdatedName1 |

cyberark-pas-safe-delete


Delete a safe from the vault.

Base Command

cyberark-pas-safe-delete

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| safe_name | The name of the safe that will be deleted. | Required |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| CyberArkPAS.Safes.Deleted | Boolean | Whether the safe was deleted. |

Command Example

!cyberark-pas-safe-delete safe_name=UpdatedName1

Context Example

{
"CyberArkPAS": {
"Safes": {
"Deleted": true,
"SafeName": "UpdatedName1"
}
}
}

Human Readable Output

Safe UpdatedName1 was deleted

cyberark-pas-safe-members-list


Return a list of the members of the safe.

Base Command

cyberark-pas-safe-members-list

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| safe_name | The name of the safe whose safe members will be listed. | Required |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| CyberArkPAS.Safes.Members.MemberName | String | The names of the safe members. |
| CyberArkPAS.Safes.Members.MembershipExpirationDate | Number | The expiration dates of the safe members. |
| CyberArkPAS.Safes.Members.Permissions | Unknown | The permissions of the safe members. |
| CyberArkPAS.Safes.Members.SearchIn | String | The vault or domain where the users or groups were found. |

Command Example

!cyberark-pas-safe-members-list safe_name=UpdatedName1

Context Example

{
"CyberArkPAS": {
"Safes": {
"Members": [
{
"IsExpiredMembershipEnable": false,
"IsPredefinedUser": true,
"MemberName": "Administrator",
"MemberType": "User",
"MembershipExpirationDate": null,
"Permissions": {
"AccessWithoutConfirmation": true,
"AddAccounts": true,
"BackupSafe": true,
"CreateFolders": true,
"DeleteAccounts": true,
"DeleteFolders": true,
"InitiateCPMAccountManagementOperations": true,
"ListAccounts": true,
"ManageSafe": true,
"ManageSafeMembers": true,
"MoveAccountsAndFolders": true,
"RenameAccounts": true,
"RequestsAuthorizationLevel1": true,
"RequestsAuthorizationLevel2": false,
"RetrieveAccounts": true,
"SpecifyNextAccountContent": true,
"UnlockAccounts": true,
"UpdateAccountContent": true,
"UpdateAccountProperties": true,
"UseAccounts": true,
"ViewAuditLog": true,
"ViewSafeMembers": true
}
},
{
"IsExpiredMembershipEnable": false,
"IsPredefinedUser": false,
"MemberName": "TestUser1",
"MemberType": "User",
"MembershipExpirationDate": null,
"Permissions": {
"AccessWithoutConfirmation": false,
"AddAccounts": false,
"BackupSafe": false,
"CreateFolders": false,
"DeleteAccounts": false,
"DeleteFolders": false,
"InitiateCPMAccountManagementOperations": false,
"ListAccounts": false,
"ManageSafe": false,
"ManageSafeMembers": false,
"MoveAccountsAndFolders": false,
"RenameAccounts": false,
"RequestsAuthorizationLevel1": false,
"RequestsAuthorizationLevel2": false,
"RetrieveAccounts": false,
"SpecifyNextAccountContent": false,
"UnlockAccounts": false,
"UpdateAccountContent": false,
"UpdateAccountProperties": false,
"UseAccounts": true,
"ViewAuditLog": false,
"ViewSafeMembers": false
}
}
]
}
}
}

Human Readable Output

There are 2 safe members for UpdatedName1

| IsExpiredMembershipEnable | IsPredefinedUser | MemberName | MemberType | MembershipExpirationDate | Permissions |
| --- | --- | --- | --- | --- | --- |
| false | true | Administrator | User |  | UseAccounts: true<br>RetrieveAccounts: true<br>ListAccounts: true<br>AddAccounts: true<br>UpdateAccountContent: true<br>UpdateAccountProperties: true<br>InitiateCPMAccountManagementOperations: true<br>SpecifyNextAccountContent: true<br>RenameAccounts: true<br>DeleteAccounts: true<br>UnlockAccounts: true<br>ManageSafe: true<br>ManageSafeMembers: true<br>BackupSafe: true<br>ViewAuditLog: true<br>ViewSafeMembers: true<br>AccessWithoutConfirmation: true<br>CreateFolders: true<br>DeleteFolders: true<br>MoveAccountsAndFolders: true<br>RequestsAuthorizationLevel1: true<br>RequestsAuthorizationLevel2: false |
| false | false | TestUser1 | User |  | UseAccounts: true<br>RetrieveAccounts: false<br>ListAccounts: false<br>AddAccounts: false<br>UpdateAccountContent: false<br>UpdateAccountProperties: false<br>InitiateCPMAccountManagementOperations: false<br>SpecifyNextAccountContent: false<br>RenameAccounts: false<br>DeleteAccounts: false<br>UnlockAccounts: false<br>ManageSafe: false<br>ManageSafeMembers: false<br>BackupSafe: false<br>ViewAuditLog: false<br>ViewSafeMembers: false<br>AccessWithoutConfirmation: false<br>CreateFolders: false<br>DeleteFolders: false<br>MoveAccountsAndFolders: false<br>RequestsAuthorizationLevel1: false<br>RequestsAuthorizationLevel2: false |

cyberark-pas-safe-member-add


Add an existing user as a safe member. Uses the V1 of the API and may change in the future.

Base Command

cyberark-pas-safe-member-add

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| member_name | The name of the user to add as a safe member. | Required |
| search_in | Search for the member in the vault or domain. | Optional |
| membership_expiration_date | The membership expiration date in the format MM\DD\YY. Leave empty if there is no expiration date. | Optional |
| permissions | The user’s permissions in the safe.<br>Valid values: UseAccounts, RetrieveAccounts, ListAccounts, AddAccounts, UpdateAccountContent, UpdateAccountProperties, InitiateCPMAccountManagementOperations, SpecifyNextAccountContent, RenameAccounts, DeleteAccounts, UnlockAccounts, ManageSafe, ManageSafeMembers, BackupSafe, ViewAuditLog, ViewSafeMembers, AccessWithoutConfirmation, CreateFolders, DeleteFolders, MoveAccountsAndFolders<br>e.g., UseAccounts,RetrieveAccounts | Optional |
| safe_name | The name of the safe to add a member to. | Required |
| requests_authorization_level | The request authorization levels.<br>0 – cannot authorize<br>1 – authorization level 1<br>2 – authorization level 2<br>Default is '0'. | Optional |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| CyberArkPAS.Safes.Members.MemberName | String | The name of the safe member. |
| CyberArkPAS.Safes.Members.MembershipExpirationDate | Number | The expiration date of the safe member. |
| CyberArkPAS.Safes.Members.Permissions | Unknown | The permissions of the safe member. |
| CyberArkPAS.Safes.Members.SearchIn | String | The vault or domain where the user or group was found. |

Command Example

!cyberark-pas-safe-member-add member_name="TestUser1" safe_name="UpdatedName1"

Context Example

{
"CyberArkPAS": {
"Safes": {
"Members": {
"MemberName": "TestUser1",
"MembershipExpirationDate": "",
"Permissions": [
{
"Key": "UseAccounts",
"Value": false
},
{
"Key": "RetrieveAccounts",
"Value": false
},
{
"Key": "ListAccounts",
"Value": false
},
{
"Key": "AddAccounts",
"Value": false
},
{
"Key": "UpdateAccountContent",
"Value": false
},
{
"Key": "UpdateAccountProperties",
"Value": false
},
{
"Key": "InitiateCPMAccountManagementOperations",
"Value": false
},
{
"Key": "SpecifyNextAccountContent",
"Value": false
},
{
"Key": "RenameAccounts",
"Value": false
},
{
"Key": "DeleteAccounts",
"Value": false
},
{
"Key": "UnlockAccounts",
"Value": false
},
{
"Key": "ManageSafe",
"Value": false
},
{
"Key": "ManageSafeMembers",
"Value": false
},
{
"Key": "BackupSafe",
"Value": false
},
{
"Key": "ViewAuditLog",
"Value": false
},
{
"Key": "ViewSafeMembers",
"Value": false
},
{
"Key": "AccessWithoutConfirmation",
"Value": false
},
{
"Key": "CreateFolders",
"Value": false
},
{
"Key": "DeleteFolders",
"Value": false
},
{
"Key": "MoveAccountsAndFolders",
"Value": false
},
{
"Key": "RequestsAuthorizationLevel",
"Value": 0
}
],
"SearchIn": "vault"
}
}
}
}

Human Readable Output

Results

| MemberName | MembershipExpirationDate | Permissions | SearchIn |
| --- | --- | --- | --- |
| TestUser1 |  | {'Key': 'UseAccounts', 'Value': False},<br>{'Key': 'RetrieveAccounts', 'Value': False},<br>{'Key': 'ListAccounts', 'Value': False},<br>{'Key': 'AddAccounts', 'Value': False},<br>{'Key': 'UpdateAccountContent', 'Value': False},<br>{'Key': 'UpdateAccountProperties', 'Value': False},<br>{'Key': 'InitiateCPMAccountManagementOperations', 'Value': False},<br>{'Key': 'SpecifyNextAccountContent', 'Value': False},<br>{'Key': 'RenameAccounts', 'Value': False},<br>{'Key': 'DeleteAccounts', 'Value': False},<br>{'Key': 'UnlockAccounts', 'Value': False},<br>{'Key': 'ManageSafe', 'Value': False},<br>{'Key': 'ManageSafeMembers', 'Value': False},<br>{'Key': 'BackupSafe', 'Value': False},<br>{'Key': 'ViewAuditLog', 'Value': False},<br>{'Key': 'ViewSafeMembers', 'Value': False},<br>{'Key': 'AccessWithoutConfirmation', 'Value': False},<br>{'Key': 'CreateFolders', 'Value': False},<br>{'Key': 'DeleteFolders', 'Value': False},<br>{'Key': 'MoveAccountsAndFolders', 'Value': False},<br>{'Key': 'RequestsAuthorizationLevel', 'Value': 0} | vault |

cyberark-pas-safe-member-update


Update an existing safe member. Uses the V1 of the API and may change in the future.

Base Command

cyberark-pas-safe-member-update

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| member_name | The member name that will be updated. | Required |
| membership_expiration_date | The membership expiration date in the format MM\DD\YY. Leave empty if there is no expiration date. | Optional |
| permissions | The user’s permissions in the safe.<br>Valid values are: UseAccounts, RetrieveAccounts, ListAccounts, AddAccounts, UpdateAccountContent, UpdateAccountProperties, InitiateCPMAccountManagementOperations, SpecifyNextAccountContent, RenameAccounts, DeleteAccounts, UnlockAccounts, ManageSafe, ManageSafeMembers, BackupSafe, ViewAuditLog, ViewSafeMembers, RequestsAuthorizationLevel, AccessWithoutConfirmation, CreateFolders, DeleteFolders, MoveAccountsAndFolders<br>e.g., UseAccounts,RetrieveAccounts | Optional |
| safe_name | The name of the safe to which the safe member belongs. | Required |
| requests_authorization_level | Request authorization levels.<br>0 – cannot authorize<br>1 – authorization level 1<br>2 – authorization level 2<br>Default is '0'. | Optional |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| CyberArkPAS.Safes.Members.MemberName | String | The name of the safe member. |
| CyberArkPAS.Safes.Members.MembershipExpirationDate | Number | The expiration date of the safe member. |
| CyberArkPAS.Safes.Members.Permissions | Unknown | The permissions of the safe member. |
| CyberArkPAS.Safes.Members.SearchIn | String | The vault or domain where the user or group was found. |

Command Example

!cyberark-pas-safe-member-update member_name="TestUser1" safe_name="UpdatedName1" permissions=UseAccounts

Context Example

{
    "CyberArkPAS": {
        "Safes": {
            "Members": {
                "MembershipExpirationDate": "",
                "Permissions": [
                    {"Key": "UseAccounts", "Value": true},
                    {"Key": "RetrieveAccounts", "Value": false},
                    {"Key": "ListAccounts", "Value": false},
                    {"Key": "AddAccounts", "Value": false},
                    {"Key": "UpdateAccountContent", "Value": false},
                    {"Key": "UpdateAccountProperties", "Value": false},
                    {"Key": "InitiateCPMAccountManagementOperations", "Value": false},
                    {"Key": "SpecifyNextAccountContent", "Value": false},
                    {"Key": "RenameAccounts", "Value": false},
                    {"Key": "DeleteAccounts", "Value": false},
                    {"Key": "UnlockAccounts", "Value": false},
                    {"Key": "ManageSafe", "Value": false},
                    {"Key": "ManageSafeMembers", "Value": false},
                    {"Key": "BackupSafe", "Value": false},
                    {"Key": "ViewAuditLog", "Value": false},
                    {"Key": "ViewSafeMembers", "Value": false},
                    {"Key": "AccessWithoutConfirmation", "Value": false},
                    {"Key": "CreateFolders", "Value": false},
                    {"Key": "DeleteFolders", "Value": false},
                    {"Key": "MoveAccountsAndFolders", "Value": false},
                    {"Key": "RequestsAuthorizationLevel", "Value": 0}
                ]
            }
        }
    }
}

Human Readable Output

Results

| MembershipExpirationDate | Permissions |
| --- | --- |
|  | {'Key': 'UseAccounts', 'Value': True}, {'Key': 'RetrieveAccounts', 'Value': False}, {'Key': 'ListAccounts', 'Value': False}, {'Key': 'AddAccounts', 'Value': False}, {'Key': 'UpdateAccountContent', 'Value': False}, {'Key': 'UpdateAccountProperties', 'Value': False}, {'Key': 'InitiateCPMAccountManagementOperations', 'Value': False}, {'Key': 'SpecifyNextAccountContent', 'Value': False}, {'Key': 'RenameAccounts', 'Value': False}, {'Key': 'DeleteAccounts', 'Value': False}, {'Key': 'UnlockAccounts', 'Value': False}, {'Key': 'ManageSafe', 'Value': False}, {'Key': 'ManageSafeMembers', 'Value': False}, {'Key': 'BackupSafe', 'Value': False}, {'Key': 'ViewAuditLog', 'Value': False}, {'Key': 'ViewSafeMembers', 'Value': False}, {'Key': 'AccessWithoutConfirmation', 'Value': False}, {'Key': 'CreateFolders', 'Value': False}, {'Key': 'DeleteFolders', 'Value': False}, {'Key': 'MoveAccountsAndFolders', 'Value': False}, {'Key': 'RequestsAuthorizationLevel', 'Value': 0} |
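
The Permissions list returned by this command can be compared with an intended least-privilege set, and the `permissions` argument can be validated before it is sent. The Python below is an added example, not part of the integration's code; the function names and the sample context (constructed in the shape of the Context Example above) are assumptions of this example.

```python
import json

# Boolean permission names listed on this page for the `permissions` argument.
# RequestsAuthorizationLevel is numeric and has its own argument
# (requests_authorization_level), so this example handles it separately.
BOOLEAN_PERMISSIONS = (
    "UseAccounts", "RetrieveAccounts", "ListAccounts", "AddAccounts",
    "UpdateAccountContent", "UpdateAccountProperties",
    "InitiateCPMAccountManagementOperations", "SpecifyNextAccountContent",
    "RenameAccounts", "DeleteAccounts", "UnlockAccounts", "ManageSafe",
    "ManageSafeMembers", "BackupSafe", "ViewAuditLog", "ViewSafeMembers",
    "AccessWithoutConfirmation", "CreateFolders", "DeleteFolders",
    "MoveAccountsAndFolders",
)
AUTH_LEVEL_KEY = "RequestsAuthorizationLevel"


def build_permissions_arg(requested):
    """Validate names and return the comma-separated `permissions` value."""
    chosen = []
    for name in requested:
        name = name.strip()
        if name not in BOOLEAN_PERMISSIONS:
            raise ValueError(f"unknown safe permission: {name!r}")
        if name not in chosen:  # drop duplicates, keep the caller's order
            chosen.append(name)
    return ",".join(chosen)


def parse_member(context):
    """Return (set of granted permission names, authorization level)."""
    member = context["CyberArkPAS"]["Safes"]["Members"]
    granted, level = set(), 0
    for entry in member.get("Permissions", []):
        key, value = entry["Key"], entry["Value"]
        if key == AUTH_LEVEL_KEY:
            level = int(value)
        elif value is True:  # strict test: a numeric 1 must not count as granted
            granted.add(key)
    return granted, level


def audit_member(context, allowed, max_auth_level=0):
    """Compare what the member holds with the intended least-privilege set."""
    granted, level = parse_member(context)
    allowed = set(allowed)
    return {
        "granted": sorted(granted),
        "excess": sorted(granted - allowed),
        "missing": sorted(allowed - granted),
        "auth_level_exceeded": level > max_auth_level,
    }


# Constructed sample (not real data), shaped like the Context Example above.
SAMPLE_CONTEXT = json.loads("""
{"CyberArkPAS": {"Safes": {"Members": {
  "MembershipExpirationDate": "",
  "Permissions": [
    {"Key": "UseAccounts", "Value": true},
    {"Key": "RetrieveAccounts", "Value": true},
    {"Key": "ListAccounts", "Value": true},
    {"Key": "ManageSafeMembers", "Value": true},
    {"Key": "ViewAuditLog", "Value": false},
    {"Key": "RequestsAuthorizationLevel", "Value": 1}
  ]}}}}
""")

if __name__ == "__main__":
    print(build_permissions_arg(["UseAccounts", "ListAccounts"]))
    print(audit_member(SAMPLE_CONTEXT, allowed=["UseAccounts", "ListAccounts"]))
```

A non-empty `excess` list means the member holds permissions beyond the intended set and is a candidate for another `cyberark-pas-safe-member-update` call.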

cyberark-pas-safe-member-delete


Remove a specific member from a safe. This command uses V1 of the API and may change in the future.

Base Command

cyberark-pas-safe-member-delete

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| safe_name | The name of the safe to delete a member from. | Required |
| member_name | The name of the safe member to delete from the safe's list of members. | Required |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| CyberArkPAS.Safes.Members.Deleted | Boolean | Whether the safe member was deleted. |

Command Example

!cyberark-pas-safe-member-delete member_name=TestUser1 safe_name=UpdatedName1

Context Example

{
    "CyberArkPAS": {
        "Safes": {
            "Members": {
                "Deleted": true,
                "MemberName": "TestUser1"
            }
        }
    }
}

Human Readable Output

Member TestUser1 was deleted from UpdatedName1 safe

cyberark-pas-account-add


Add a new privileged account or SSH key to the vault.

Base Command

cyberark-pas-account-add

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| account_name | The name of the account. | Required |
| address | The name or address of the machine where the account will be used. | Required |
| platform_id | The platform assigned to this account. | Required |
| safe_name | The name of the safe where the account will be created. | Required |
| secret_type | The type of password. Valid values are: 'password', 'key'. Default is 'password'. | Optional |
| username | The user name of the account. | Required |
| password | The password that the user will use to log on for the first time. | Required |
| properties | Object containing key-value pairs to associate with the account, as defined by the account platform, e.g., {"Location": "IT", "OwnerName": "MSSPAdmin"} | Optional |
| automatic_management_enabled | Whether the account secret is automatically managed by the Central Policy Manager (CPM). Can be 'true' or 'false'. Default is 'true'. | Optional |
| manual_management_reason | The reason for disabling automatic secret management. | Optional |
| remote_machines | List of remote machines, separated by semicolons, e.g., server1.cyberark.com;server2.cyberark.com | Optional |
| access_restricted_to_remote_machines | Whether or not to restrict access to specified remote machines only. Can be 'true' or 'false'. Default is: 'true'. | Optional |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| CyberArkPAS.Accounts.id | String | The unique ID of the account. |
| CyberArkPAS.Accounts.categoryModificationTime | Number | The last modified date of the account. |
| CyberArkPAS.Accounts.createdTime | Number | The date the account was created. |
| CyberArkPAS.Accounts.name | String | The name of the account. |
| CyberArkPAS.Accounts.platformId | String | The platform assigned to this account. |
| CyberArkPAS.Accounts.safeName | String | The safe where the account is created. |
| CyberArkPAS.Accounts.secretManagement | String | Whether the account secret is automatically managed by the CPM. |
| CyberArkPAS.Accounts.secretType | String | The type of password. |
| CyberArkPAS.Accounts.userName | String | The name of the account user. |
| CyberArkPAS.Accounts.address | String | The name or address of the machine where the account will be used. |

Command Example

!cyberark-pas-account-add safe_name=TestSafe1 account_name=TestAccount1 address=/ password=12345Aa platform_id=WinServerLocal username=TestUser

Context Example

{
    "CyberArkPAS": {
        "Accounts": {
            "address": "/",
            "categoryModificationTime": 1597863168,
            "createdTime": 1597863168,
            "id": "89_3",
            "name": "TestAccount1",
            "platformId": "WinServerLocal",
            "safeName": "TestSafe1",
            "secretManagement": {
                "automaticManagementEnabled": true,
                "lastModifiedTime": 1597848768
            },
            "secretType": "password",
            "userName": "TestUser"
        }
    }
}

Human Readable Output

Results

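| address | categoryModificationTime | createdTime | id | name | platformId | safeName | secretManagement | secretType | userName |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| / | 1597863168 | 1597863168 | 89_3 | TestAccount1 | WinServerLocal | TestSafe1 | automaticManagementEnabled: true, lastModifiedTime: 1597848768 | password | TestUser |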

cyberark-pas-account-delete


Delete a specific account in the vault.

Base Command

cyberark-pas-account-delete

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| account_id | The unique ID of the account to delete. | Required |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| CyberArkPAS.Accounts.Deleted | Boolean | Whether the account was deleted. |

Command Example

!cyberark-pas-account-delete account_id=89_3

Context Example

{
    "CyberArkPAS": {
        "Accounts": {
            "Deleted": true,
            "id": "89_3"
        }
    }
}

Human Readable Output

Account 89_3 was deleted

cyberark-pas-account-update


Update the details of an existing account.

Base Command

cyberark-pas-account-update

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| account_id | The unique ID of the account to update. | Required |
| account_name | The name of the account to update. | Optional |
| address | The name or address of the machine where the account will be used. | Optional |
| platform_id | The platform assigned to this account. | Optional |
| username | The user name of the account. | Optional |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| CyberArkPAS.Accounts.id | String | The unique ID of the account. |
| CyberArkPAS.Accounts.categoryModificationTime | Number | The last modified date of the account. |
| CyberArkPAS.Accounts.createdTime | Number | The date the account was created. |
| CyberArkPAS.Accounts.name | String | The name of the account. |
| CyberArkPAS.Accounts.platformId | String | The platform assigned to this account. |
| CyberArkPAS.Accounts.safeName | String | The safe where the account was created. |
| CyberArkPAS.Accounts.secretManagement | String | Whether the account secret is automatically managed by the CPM. |
| CyberArkPAS.Accounts.secretType | String | The type of password. |
| CyberArkPAS.Accounts.userName | String | The user name of the account. |
| CyberArkPAS.Accounts.address | String | The name or address of the machine where the account will be used. |

Command Example

!cyberark-pas-account-update account_id=89_3 account_name=NewName

Context Example

{
    "CyberArkPAS": {
        "Accounts": {
            "address": "/",
            "categoryModificationTime": 1597863168,
            "createdTime": 1597863168,
            "id": "89_3",
            "name": "NewName",
            "platformId": "WinServerLocal",
            "safeName": "TestSafe1",
            "secretManagement": {
                "automaticManagementEnabled": true,
                "lastModifiedTime": 1597848768
            },
            "secretType": "password",
            "userName": "TestUser"
        }
    }
}

Human Readable Output

Results

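| address | categoryModificationTime | createdTime | id | name | platformId | safeName | secretManagement | secretType | userName |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| / | 1597863168 | 1597863168 | 89_3 | NewName | WinServerLocal | TestSafe1 | automaticManagementEnabled: true, lastModifiedTime: 1597848768 | password | TestUser |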

cyberark-pas-accounts-list


Return a list of all the accounts in the vault.

Base Command

cyberark-pas-accounts-list

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| search | List of keywords to search for in the accounts, separated by spaces, e.g., Windows admin | Optional |
| sort | Property or properties by which to sort the returned accounts. The properties are followed by a comma and then 'asc' (default) or 'desc' to control the sort direction, e.g., Windows,asc | Optional |
| offset | The offset of the first account that is returned in the collection of results. Default is '0'. | Optional |
| limit | Maximum number of accounts in the returned list. Default is '50'. | Optional |
| filter | Search for accounts filtered by a specific safe, e.g., safeName eq 'mySafe'. | Optional |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| CyberArkPAS.Accounts.id | String | The unique IDs of the accounts. |
| CyberArkPAS.Accounts.categoryModificationTime | Number | Last modified dates of the accounts. |
| CyberArkPAS.Accounts.createdTime | Number | Date the account was created. |
| CyberArkPAS.Accounts.name | String | The names of the accounts. |
| CyberArkPAS.Accounts.platformId | String | The platforms assigned to these accounts. |
| CyberArkPAS.Accounts.safeName | String | The safes where the accounts were created. |
| CyberArkPAS.Accounts.secretManagement | String | Whether the accounts' secrets were automatically managed by the CPM. |
| CyberArkPAS.Accounts.secretType | String | The type of passwords. |
| CyberArkPAS.Accounts.userName | String | The user names of the accounts. |
| CyberArkPAS.Accounts.address | String | The names or addresses of the machine where the accounts are used. |

Command Example

!cyberark-pas-accounts-list limit=2

Context Example

{
    "CyberArkPAS": {
        "Accounts": [
            {
                "address": "string",
                "categoryModificationTime": 1594569595,
                "createdTime": 1594573679,
                "id": "2_6",
                "name": "account1",
                "platformAccountProperties": {},
                "platformId": "Oracle",
                "safeName": "VaultInternal",
                "secretManagement": {
                    "automaticManagementEnabled": true,
                    "lastModifiedTime": 159459279
                },
                "secretType": "password",
                "userName": "string"
            },
            {
                "address": "string",
                "categoryModificationTime": 1583345933,
                "createdTime": 157312750,
                "id": "2_3",
                "name": "cybr",
                "platformAccountProperties": {},
                "platformId": "WinDomain",
                "safeName": "VaultInternal",
                "secretManagement": {
                    "automaticManagementEnabled": false,
                    "lastModifiedTime": 157319750,
                    "manualManagementReason": "NoReason"
                },
                "secretType": "password",
                "userName": "vault"
            }
        ]
    }
}

Human Readable Output

There are 2 accounts

| address | categoryModificationTime | createdTime | id | name | platformAccountProperties | platformId | safeName | secretManagement | secretType | userName |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| string | 1594569595 | 1594573679 | 2_6 | account1 |  | Oracle | VaultInternal | automaticManagementEnabled: true, lastModifiedTime: 1594559279 | password | string |
| string | 1583345933 | 1573127750 | 2_3 | cybr |  | WinDomain | VaultInternal | automaticManagementEnabled: false, manualManagementReason: NoReason, lastModifiedTime: 1573109750 | password | vault |
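
A routine hygiene check on this output is to find accounts that are excluded from automatic CPM management or whose secret has not changed for a long time. The Python below is an added example, not part of the integration; `audit_accounts`, the 90-day threshold and the sample data are assumptions of this example, and it assumes `lastModifiedTime` is epoch seconds, as the 10-digit values on this page suggest.

```python
SECONDS_PER_DAY = 86400


def audit_accounts(context, now_epoch, max_age_days=90):
    """Flag accounts with manual secret management or an old secret.

    max_age_days is a policy value chosen for this example, not a CyberArk default.
    """
    accounts = context["CyberArkPAS"]["Accounts"]
    if isinstance(accounts, dict):  # single-account commands return one object
        accounts = [accounts]
    findings = []
    for acct in accounts:
        mgmt = acct.get("secretManagement") or {}
        issues = []
        if mgmt.get("automaticManagementEnabled") is not True:
            reason = mgmt.get("manualManagementReason") or "none given"
            issues.append(f"manual management (reason: {reason})")
        last_change = mgmt.get("lastModifiedTime")
        if last_change is None:
            issues.append("no lastModifiedTime recorded")
        else:
            age_days = (now_epoch - last_change) // SECONDS_PER_DAY
            if age_days > max_age_days:
                issues.append(f"secret unchanged for {age_days} days")
        if issues:
            findings.append({"id": acct.get("id"), "name": acct.get("name"),
                             "safeName": acct.get("safeName"), "issues": issues})
    return findings


# Constructed sample (not real data), shaped like the Context Example above.
SAMPLE_CONTEXT = {"CyberArkPAS": {"Accounts": [
    {"id": "2_6", "name": "account1", "safeName": "VaultInternal",
     "secretManagement": {"automaticManagementEnabled": True,
                          "lastModifiedTime": 1599000000}},
    {"id": "2_3", "name": "cybr", "safeName": "VaultInternal",
     "secretManagement": {"automaticManagementEnabled": False,
                          "lastModifiedTime": 1573109750,
                          "manualManagementReason": "NoReason"}},
    {"id": "2_9", "name": "svc-backup", "safeName": "VaultInternal",
     "secretManagement": {"automaticManagementEnabled": True,
                          "lastModifiedTime": 1590000000}},
]}}
NOW = 1600000000  # fixed "current time" so the result is reproducible

if __name__ == "__main__":
    for finding in audit_accounts(SAMPLE_CONTEXT, NOW):
        print(finding["id"], finding["name"], "; ".join(finding["issues"]))
```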

cyberark-pas-account-get-list-activity


Returns the activities of a specific account that is identified by its account ID.

Base Command

cyberark-pas-account-get-list-activity

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| account_id | The ID of the account whose activities will be retrieved. | Required |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| CyberArkPAS.Activities.Action | String | The activity that was performed. |
| CyberArkPAS.Activities.ActionID | Number | The code identification of the specific activity. |
| CyberArkPAS.Activities.Alert | Boolean | Whether or not the activity caused an alert. |
| CyberArkPAS.Activities.ClientID | String | The name of the account. |
| CyberArkPAS.Activities.Date | Number | The date the account was created. |
| CyberArkPAS.Activities.MoreInfo | String | More information about the activity. |
| CyberArkPAS.Activities.Reason | String | The reason given by the user for the activity. |
| CyberArkPAS.Activities.User | String | The user who performed the activity. |

Command Example

!cyberark-pas-account-get-list-activity account_id=89_3

Context Example

{
    "CyberArkPAS": {
        "Activities": [
            {
                "Action": "Rename File",
                "ActionID": 124,
                "Alert": false,
                "ClientID": "1",
                "Date": 1597863265,
                "MoreInfo": "NewName",
                "Reason": "",
                "User": "Administrator"
            },
            {
                "Action": "Add File Category",
                "ActionID": 105,
                "Alert": false,
                "ClientID": "1",
                "Date": 1597863168,
                "MoreInfo": "CreationMethod",
                "Reason": "Value=[ABC]",
                "User": "Administrator"
            }
        ]
    }
}

Human Readable Output

Results

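| Action | ActionID | Alert | ClientID | Date | MoreInfo | Reason | User |
| --- | --- | --- | --- | --- | --- | --- | --- |
| Rename File | 124 | false | 1 | 1597863265 | NewName |  | Administrator |
| Add File Category | 105 | false | 1 | 1597863168 | CreationMethod | Value=[ABC] | Administrator |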

cyberark-pas-account-get-details


Returns information for the specified account, identified by the account ID.

Base Command

cyberark-pas-account-get-details

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| account_id | The ID of the account for which to retrieve information. | Required |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| CyberArkPAS.Accounts.id | String | The unique ID of the account. |
| CyberArkPAS.Accounts.categoryModificationTime | Number | The date the account was last modified. |
| CyberArkPAS.Accounts.createdTime | Number | The date the account was created. |
| CyberArkPAS.Accounts.name | String | The name of the account. |
| CyberArkPAS.Accounts.platformId | String | The platform assigned to this account. |
| CyberArkPAS.Accounts.safeName | String | The safe where the account is created. |
| CyberArkPAS.Accounts.secretManagement | String | Whether the account secret is automatically managed by the CPM. |
| CyberArkPAS.Accounts.secretType | String | The type of password. |
| CyberArkPAS.Accounts.userName | String | The name of the account user. |
| CyberArkPAS.Accounts.address | String | The name or address of the machine where the account will be used. |

Command Example

!cyberark-pas-account-get-details account_id=46_7

Context Example

{
    "CyberArkPAS": {
        "Accounts": {
            "address": "address.com",
            "categoryModificationTime": 1597581174,
            "createdTime": 1595431869,
            "id": "46_7",
            "name": "Operating System-UnixSSH",
            "platformAccountProperties": {
                "Tags": "SSH",
                "UseSudoOnReconcile": "No"
            },
            "platformId": "UnixSSH",
            "safeName": "Linux Accounts",
            "secretManagement": {
                "automaticManagementEnabled": true,
                "lastModifiedTime": 1595417469,
                "lastReconciledTime": 1576120341,
                "status": "success"
            },
            "secretType": "password",
            "userName": "user1"
        }
    }
}

Human Readable Output

Results

| address | categoryModificationTime | createdTime | id | name | platformAccountProperties | platformId | safeName | secretManagement | secretType | userName |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| address | 1597581174 | 1595431869 | 46_7 | Operating System-UnixSSH | UseSudoOnReconcile: No, Tags: SSH | UnixSSH | Linux Accounts | automaticManagementEnabled: true, status: success, lastModifiedTime: 1595417469, lastReconciledTime: 1576120341 | password | user1 |

cyberark-pas-credentials-change-in-vault-only


Enable users to set account credentials and change them in the vault.

Base Command

cyberark-pas-credentials-change-in-vault-only

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| account_id | The unique ID of the account. | Required |
| new_credentials | The new account credentials that will be allocated to the account in the vault. | Required |

Context Output

There is no context output for this command.

Command Example

!cyberark-pas-credentials-change-in-vault-only account_id=89_4 new_credentials=1234Asw

Human Readable Output

The password in the account 89_4 was changed

cyberark-pas-credentials-verify


Mark an account for verification by the Central Policy Manager (CPM).

Base Command

cyberark-pas-credentials-verify

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| account_id | The unique ID of the account. | Required |

Context Output

There is no context output for this command.

Command Example

!cyberark-pas-credentials-verify account_id=89_4

Human Readable Output

The account 89_4 was marked for verification by the CPM

cyberark-pas-credentials-reconcile


Mark an account for automatic reconciliation by the Central Policy Manager (CPM).

Base Command

cyberark-pas-credentials-reconcile

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| account_id | The unique ID of the account. | Required |

Context Output

There is no context output for this command.

Command Example

!cyberark-pas-credentials-reconcile account_id=89_4

Human Readable Output

The account 89_4 was marked for automatic reconciliation by the CPM.

cyberark-pas-credentials-change-random-password


Mark an account for an immediate credentials change by the CPM to a new random value.

Base Command

cyberark-pas-credentials-change-random-password

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| account_id | The unique ID of the account. | Required |

Context Output

There is no context output for this command.

Command Example

!cyberark-pas-credentials-change-random-password account_id=89_4

Human Readable Output

The password in the account 89_4 was changed

cyberark-pas-credentials-change-set-new-password


Enable users to set the account's credentials to use for the next Central Policy Manager (CPM) change.

Base Command

cyberark-pas-credentials-change-set-new-password

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| account_id | The unique ID of the account. | Required |
| new_credentials | The new account credentials that will be allocated to the account in the vault. | Required |

Context Output

There is no context output for this command.

Command Example

!cyberark-pas-credentials-change-set-new-password account_id=89_4 new_credentials=<new_password>

Human Readable Output

The password in the account 89_4 was changed

cyberark-pas-security-events-get


Return all Privileged Threat Analytics (PTA) security events.

Base Command

cyberark-pas-security-events-get

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| start_time | The starting date to get the security events from. Must be in the following timestamp format: (<number> <time unit>, e.g., 12 hours, 7 days, 3 months, 1 year). | Required |
| limit | The number of events that will be shown, from newest to oldest. Default is '50'. | Optional |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| CyberArkPAS.SecurityEvents.id | Number | The unique ID of the security events. |
| CyberArkPAS.SecurityEvents.additionalData | String | Additional data about the security events. |
| CyberArkPAS.SecurityEvents.audits.createTime | Number | The time the security events were created. |
| CyberArkPAS.SecurityEvents.lastUpdateTime | Number | The last update time of the security events. |
| CyberArkPAS.SecurityEvents.mStatus | String | The status of the security events. |
| CyberArkPAS.SecurityEvents.score | Number | The score of the security events. |
| CyberArkPAS.SecurityEvents.type | String | The type of the security events. |

Command Example

!cyberark-pas-security-events-get start_time="3 days" limit=2

Context Example

{
    "CyberArkPAS": {
        "SecurityEvents": [
            {
                "additionalData": {
                    "reason": "ip",
                    "station": "1.1.1.1",
                    "vault_user": "administrator"
                },
                "audits": [
                    {
                        "action": "Logon",
                        "cloudData": {},
                        "createTime": 1597864497000,
                        "id": "1a2b3c4d",
                        "sensorType": "VAULT",
                        "source": {
                            "mOriginalAddress": "1.1.1.1",
                            "mResolvedAddress": {
                                "mAddress": "1.1.1.1",
                                "mFqdn": "1-2-3-4",
                                "mHostName": "1-2-3-4",
                                "mOriginalAddress": "1.1.1.1"
                            }
                        },
                        "type": "VAULT_LOGON",
                        "vaultUser": "Administrator"
                    }
                ],
                "createTime": 1597864497000,
                "id": "1",
                "lastUpdateTime": 1597864497000,
                "mStatus": "OPEN",
                "score": 25.751749103263528,
                "type": "VaultViaIrregularIp"
            },
            {
                "additionalData": {
                    "reason": "ip",
                    "station": "1.1.1.1",
                    "vault_user": "administrator"
                },
                "audits": [
                    {
                        "action": "Logon",
                        "cloudData": {},
                        "createTime": 1597864209000,
                        "id": "5f3d7911e4b0b8d4ac363b1b",
                        "sensorType": "VAULT",
                        "source": {
                            "mOriginalAddress": "1.1.1.1",
                            "mResolvedAddress": {
                                "mAddress": "1.1.1.1",
                                "mFqdn": "1-2-3-4",
                                "mHostName": "1-2-3-4",
                                "mOriginalAddress": "1.1.1.1"
                            }
                        },
                        "type": "VAULT_LOGON",
                        "vaultUser": "Administrator"
                    }
                ],
                "createTime": 1597864209000,
                "id": "2",
                "lastUpdateTime": 1597864209000,
                "mStatus": "OPEN",
                "score": 25.751749103263528,
                "type": "VaultViaIrregularIp"
            }
        ]
    }
}

Human Readable Output

Results

| additionalData | audits | createTime | id | lastUpdateTime | mStatus | score | type |
| --- | --- | --- | --- | --- | --- | --- | --- |
| station: 1.1.1.1, reason: ip, vault_user: administrator | {'id': '1', 'type': 'VAULT_LOGON', 'sensorType': 'VAULT', 'action': 'Logon', 'createTime': 1597864497000, 'vaultUser': 'Administrator', 'source': {'mOriginalAddress': '1.1.1.1', 'mResolvedAddress': {'mOriginalAddress': '1.1.1.1', 'mAddress': '1.1.1.1', 'mHostName': '1-2-3-4', 'mFqdn': '1-2-3-4'}}, 'cloudData': {}} | 1597864497000 | 1 | 1597864497000 | OPEN | 25.751749103263528 | VaultViaIrregularIp |
| station: 1.1.1.1, reason: ip, vault_user: administrator | {'id': '2', 'type': 'VAULT_LOGON', 'sensorType': 'VAULT', 'action': 'Logon', 'createTime': 1597864209000, 'vaultUser': 'Administrator', 'source': {'mOriginalAddress': '1.1.1.1', 'mResolvedAddress': {'mOriginalAddress': '1.1.1.1', 'mAddress': '1.1.1.1', 'mHostName': '1-2-3-4', 'mFqdn': '1-2-3-4'}}, 'cloudData': {}} | 1597864209000 | 2 | 1597864209000 | OPEN | 25.751749103263528 | VaultViaIrregularIp |
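
As the two events in the Context Example show, PTA can raise several events for the same type, station and vault user, so grouping them before opening incidents keeps triage manageable. The Python below is an added example, not part of the integration; `triage_events`, `ms_to_utc`, `min_score` and the third sample event are assumptions of this example, and `createTime` is treated as epoch milliseconds, as in the Context Example above.

```python
from datetime import datetime, timezone


def ms_to_utc(ms):
    """Convert epoch milliseconds (as in createTime above) to ISO 8601 UTC."""
    moment = datetime.fromtimestamp(ms / 1000, tz=timezone.utc)
    return moment.strftime("%Y-%m-%dT%H:%M:%SZ")


def triage_events(context, min_score=0.0):
    """Group open events by (type, station, vault user), highest score first."""
    groups = {}
    for ev in context["CyberArkPAS"]["SecurityEvents"]:
        score = ev.get("score", 0.0)
        if ev.get("mStatus") != "OPEN" or score < min_score:
            continue
        data = ev.get("additionalData") or {}
        # vault_user casing differs between additionalData and audits: normalise.
        user = (data.get("vault_user") or "").lower()
        key = (ev.get("type"), data.get("station"), user)
        group = groups.setdefault(key, {"event_ids": [], "max_score": 0.0,
                                        "first_ms": ev["createTime"],
                                        "last_ms": ev["createTime"]})
        group["event_ids"].append(ev["id"])
        group["max_score"] = max(group["max_score"], score)
        group["first_ms"] = min(group["first_ms"], ev["createTime"])
        group["last_ms"] = max(group["last_ms"], ev["createTime"])
    summary = []
    for (ev_type, station, user), group in groups.items():
        summary.append({
            "type": ev_type, "station": station, "vault_user": user,
            "event_ids": sorted(group["event_ids"]),
            "max_score": group["max_score"],
            "first_seen": ms_to_utc(group["first_ms"]),
            "last_seen": ms_to_utc(group["last_ms"]),
        })
    return sorted(summary, key=lambda item: item["max_score"], reverse=True)


# Constructed sample: events "1" and "2" are trimmed from the Context Example
# above; event "3" is invented here (192.0.2.10 is a documentation address).
SAMPLE_CONTEXT = {"CyberArkPAS": {"SecurityEvents": [
    {"id": "1", "type": "VaultViaIrregularIp", "mStatus": "OPEN",
     "score": 25.751749103263528, "createTime": 1597864497000,
     "additionalData": {"reason": "ip", "station": "1.1.1.1",
                        "vault_user": "administrator"}},
    {"id": "2", "type": "VaultViaIrregularIp", "mStatus": "OPEN",
     "score": 25.751749103263528, "createTime": 1597864209000,
     "additionalData": {"reason": "ip", "station": "1.1.1.1",
                        "vault_user": "administrator"}},
    {"id": "3", "type": "VaultViaIrregularIp", "mStatus": "OPEN",
     "score": 12.5, "createTime": 1597860000000,
     "additionalData": {"reason": "ip", "station": "192.0.2.10",
                        "vault_user": "Auditor1"}},
]}}

if __name__ == "__main__":
    for group in triage_events(SAMPLE_CONTEXT, min_score=20.0):
        print(group)
```

Account timestamps elsewhere on this page are 10-digit values, so passing them to `ms_to_utc` unchanged would give dates in 1970.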